Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page." Reference links suggest possible solution upgrade to latest version (2.6.1) at:
http://www.jspwiki.org/wiki/JSPWikiDownload
Publication date: Mon, 10 Mar 2008 22:44:00 +0000